Posted by Simon on May 26, 2006, 4:16 am
apsolar@gmail.com wrote:
> Hello Gurus,
>
> I am a networking newbie, working on a project to upgrade the current
> VPN gateway in my company.
> Here's the scenario:
> I have a VPN gateway at a remote site which I would call C.
> There are two VPN gateways, A and B, at my current site.
> B is the main gateway and A is a backup in case B fails.
> I have set up site-to-site tunnels on all these gateways with
> appropriate security associations.
> I am using the IPsec security profile.
> C has tunnels to both A and B. B tunnel has metric 0 and A has metric on 1.
> B has a tunnel to C and knows that its failover option is A.
> I have tested the tunnels manually and they seem to work fine.
> My question to you guys: currently I set up a static route on the core
> at the current site to route all traffic to C through VPN gateway B. In
> case of B failing, I will have to manually change this route to go
> through VPN A.
> Is there a way by which I could automate this routing change?
> I am using Shiva 3115 VPN gateways and they have an option to configure
> OSPF.
> Do I need to set up dynamic routing on the VPN gateways or on the main
> core? And how?
>
> Thank you in advance.
> Ankit
>
I would have thought you would just enable OSPF on the 3 VPN gateways;
OSPF will then advertise the network at location C down both tunnels to
A and B. Make the OSPF cost higher on the link via A so that the tunnel
via B gets used. When the link between B and C goes down, the route will
disappear and the alternate route via A would get used. Whatever is the
default router at the central site would also need to be OSPF aware so
it learns these routes.
simon
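
The failover behaviour described in the reply above, modelled as a small shortest-path calculation. This is an added example, not part of the original thread and not Shiva 3115 configuration. The node name "core" and the cost values are assumptions; the only property taken from the thread is that the tunnel via A costs more than the tunnel via B.

```python
import heapq

# Constructed topology: "core" is the central-site default router, A and B the
# local VPN gateways, C the remote gateway. Costs are assumed values.
LINKS = {
    ("core", "A"): 1,
    ("core", "B"): 1,
    ("A", "C"): 20,   # backup tunnel, higher OSPF cost
    ("B", "C"): 10,   # primary tunnel
}

def spf(links, source):
    """Dijkstra, as each OSPF router runs it: {dest: (cost, first_hop)}."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, []).append((v, cost))
        adj.setdefault(v, []).append((u, cost))
    best = {}
    heap = [(0, source, None)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in best:
            continue  # already settled with a lower or equal cost
        best[node] = (cost, first_hop)
        for nbr, link_cost in adj.get(node, []):
            if nbr not in best:
                heapq.heappush(heap, (cost + link_cost, nbr, first_hop or nbr))
    return best

def next_hop(links, source, dest):
    """First hop from source toward dest, or None if dest is unreachable."""
    return spf(links, source).get(dest, (None, None))[1]

def link_down(links, a, b):
    """Link table with the a-b adjacency withdrawn (tunnel failure)."""
    return {k: c for k, c in links.items() if set(k) != {a, b}}

def node_down(links, n):
    """Link table with every adjacency of n withdrawn (gateway failure)."""
    return {k: c for k, c in links.items() if n not in k}

if __name__ == "__main__":
    print("all up     core->C via", next_hop(LINKS, "core", "C"))
    print("B-C down   core->C via", next_hop(link_down(LINKS, "B", "C"), "core", "C"))
    print("B down     C->core via", next_hop(node_down(LINKS, "B"), "C", "core"))
```

The core only changes its next hop because it takes part in the calculation; a core with a static route to B would keep forwarding to B after the tunnel is gone.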